From: outings @
com (Steve Outing)
Is there any way to prevent forged subscriptions?
The CW would seem to be that twice-around subscription protocols,
which send a magic cookie to the to-be-subscribed address, and do
not permanently enroll the addressee until said magic cookie has
been returned as a confirmation of the request to enroll, are the
known way to defeat subscription forgeries (most of the time).
Even these confirmation-request messages could be spammed into
quite a mailbomb, :-<
See in the archives under the "3rd party auto-reply ..." thread
for a recent flurry touching on this issue.